Privacy Policy

Penzu Inc. ("Penzu," "we," "our," or "us") recognizes the importance of privacy and the sensitivity of personal information. This Privacy Policy outlines how we manage your personal information and safeguard your privacy when you use our website and services.

Information We Collect

Account Information

When you register for a Penzu account, we collect:

• Your name and email address
• Password (stored securely using industry-standard hashing)
• Time zone and language preferences

Journal Content

Your journal entries, notes, and any attached images are stored on our servers. This content is private by default and only accessible to you unless you choose to share it.

Important: If you use our Encryption Lock feature (available to Pro users), your entries are encrypted using 256-bit AES encryption. This means even Penzu cannot read your encrypted content.

Payment Information

If you subscribe to Penzu Pro or Pro+, payment information is collected and processed by our third-party payment processors. We do not store your complete credit card numbers, expiry dates, or security codes on our servers.

Device and Usage Data

When you use Penzu, we automatically collect:

• Browser type and version
• IP address
• Device information
• Pages visited and features used
• Session duration and interaction patterns

This information helps us improve our service and troubleshoot issues.

How We Use Your Information

We use your information to:

• Provide the Service: Store and display your journal entries, sync across devices, and maintain your account
• Process Payments: Handle subscription billing and provide receipts
• Communicate with You: Send account-related notifications, respond to support requests, and share product updates (you can opt out of marketing emails)
• Improve Our Service: Analyze usage patterns to enhance features and fix bugs
• Ensure Security: Detect and prevent fraud, abuse, and security threats

We do not:

• Sell your personal information to third parties
• Read your journal entries, except when you explicitly share content with our support team for troubleshooting (and we cannot read encrypted entries under any circumstances)
• Use your journal content for advertising or to train AI models
• Share your data with advertisers

No AI Processing: Your journal entries are not processed by artificial intelligence systems. We do not use your content to train machine learning models or generate automated insights.

Data Storage and Security

Where Your Data Is Stored

Your data is stored on secure servers. We use industry-standard security measures including:

• SSL/TLS encryption for all data in transit
• Encrypted storage for sensitive account information
• Regular security audits and updates
• Access controls limiting who can access our systems

Encryption Options

All Entries: Even without additional locks, your entries are protected by our standard security measures including secure servers, access controls, and encrypted connections. Your content is private and accessible only to you.

Basic Lock: Available to all users, this adds a secondary password to specific entries. This password can be recovered by contacting support if forgotten.

Encryption Lock (Pro): Uses 256-bit AES encryption where your entries are encrypted on our servers and only you hold the key. This provides the highest level of privacy—even Penzu staff cannot read encrypted content. If you lose your Encryption Lock password, we cannot recover your encrypted data. You assume full responsibility for maintaining your encryption password.

Third-Party Services

We use trusted third-party services to operate Penzu:

• Payment Processors: Braintree, PayPal, Apple, and Google for secure subscription payments
• Cloud Infrastructure: To host and store your data reliably
• Analytics and Error Tracking: Services like Mixpanel and Bugsnag to understand usage and fix issues
• Email Services: To send transactional and marketing communications

These providers are contractually obligated to protect your information and only use it to provide services to us. A current list of our third-party service providers is available upon request by contacting support@penzu.com.

Cookies and Tracking

We use cookies to:

• Keep you logged in to your account
• Remember your preferences
• Understand how you use our service
• Improve performance and user experience

You can configure your browser to refuse cookies, but this may limit your ability to use some features of Penzu.

Your Rights

Depending on your location, you may have the following rights:

For All Users

• Access: Request a copy of the personal information we hold about you
• Correction: Update or correct inaccurate information
• Deletion: Request deletion of your account and associated data
• Export: Download your journal entries and data
• Opt-Out: Unsubscribe from marketing communications

For EU/EEA Users (GDPR)

In addition to the above, you have the right to:

• Object to processing of your personal data
• Request restriction of processing
• Data portability
• Lodge a complaint with a supervisory authority

For California Users (CCPA)

You have the right to:

• Know what personal information we collect, use, and disclose
• Request deletion of your personal information
• Opt-out of the sale of personal information (note: we do not sell personal information)
• Non-discrimination for exercising your privacy rights

To exercise any of these rights, contact us at support@penzu.com.

Children's Privacy

Penzu is not intended for children under 13 years of age. In compliance with the Children's Online Privacy Protection Act (COPPA) and similar laws, we do not knowingly collect personal information from children under 13. If you are under 13, you may not create an account or use our service.

Users aged 13-17: If you are between 13 and 18 years old, you may use Penzu only with the consent and supervision of a parent or legal guardian who agrees to be bound by our Terms of Service on your behalf.

For EU users: In accordance with GDPR requirements, users under 16 in certain EU member states may need parental consent to use our service.

If we become aware that we have collected personal information from a child under 13 (or under 16 where applicable), we will delete that information within 30 days. If you believe we have inadvertently collected such information, please contact us immediately at support@penzu.com.

Data Retention

We retain your personal information and journal content for as long as your account is active or as needed to provide you with our services.

Account Deactivation: If you deactivate your account, your data is retained for up to 90 days to allow for reactivation, after which it may be permanently deleted.

Account Deletion: If you request permanent account termination, we will delete your data within 30 days. Some information may be retained in encrypted backups for up to 90 additional days, after which backups are purged. We may also retain limited information as required by law (such as transaction records for tax purposes).

International Data Transfers

Penzu is based in Canada. If you access our service from outside Canada, your information may be transferred to, stored, and processed in Canada or other countries where our service providers operate.

By using Penzu, you consent to the transfer of your information to countries that may have different data protection laws than your country of residence.

Changes to This Policy

We may update this Privacy Policy from time to time. When we make changes, we will update the "Effective Date" at the top of this page. For significant changes, we may also notify you by email or through a notice on our website.

Your continued use of Penzu after any changes constitutes your acceptance of the updated Privacy Policy.

Contact Us

If you have questions about this Privacy Policy or how we handle your personal information, please contact us:

Email: info@penzu.com

Mailing Address: Penzu Inc. 2967 Dundas St. W. #760 Toronto, ON M6P 1Z2 Canada